[ 34.093282][ T26] audit: type=1800 audit(1551625693.406:27): pid=7357 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 34.125733][ T26] audit: type=1800 audit(1551625693.476:28): pid=7357 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 35.077672][ T26] audit: type=1800 audit(1551625694.436:29): pid=7357 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 35.101499][ T26] audit: type=1800 audit(1551625694.436:30): pid=7357 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts.
2019/03/03 15:08:26 parsed 1 programs 2019/03/03 15:08:28 executed programs: 0 syzkaller login: [ 49.481842][ T7537] IPVS: ftp: loaded support on port[0] = 21 [ 49.481847][ T7540] IPVS: ftp: loaded support on port[0] = 21 [ 49.489338][ T7533] IPVS: ftp: loaded support on port[0] = 21 [ 49.510911][ T7532] IPVS: ftp: loaded support on port[0] = 21 [ 49.520637][ T7535] IPVS: ftp: loaded support on port[0] = 21 [ 49.543365][ T7539] IPVS: ftp: loaded support on port[0] = 21 [ 49.785569][ T7532] chnl_net:caif_netlink_parms(): no params data found [ 49.802329][ T7540] chnl_net:caif_netlink_parms(): no params data found [ 49.816486][ T7533] chnl_net:caif_netlink_parms(): no params data found [ 49.943666][ T7535] chnl_net:caif_netlink_parms(): no params data found [ 49.966369][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.973449][ T7540] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.981686][ T7540] device bridge_slave_0 entered promiscuous mode [ 49.989692][ T7532] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.996924][ T7532] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.004415][ T7532] device bridge_slave_0 entered promiscuous mode [ 50.034061][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.042417][ T7540] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.050651][ T7540] device bridge_slave_1 entered promiscuous mode [ 50.057865][ T7532] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.064910][ T7532] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.073364][ T7532] device bridge_slave_1 entered promiscuous mode [ 50.092172][ T7533] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.099593][ T7533] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.109069][ T7533] device bridge_slave_0 entered promiscuous mode [ 50.118942][ T7533] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.126056][ T7533] bridge0: port 2(bridge_slave_1) 
entered disabled state [ 50.134097][ T7533] device bridge_slave_1 entered promiscuous mode [ 50.183853][ T7540] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.193766][ T7540] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.203584][ T7532] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.229957][ T7537] chnl_net:caif_netlink_parms(): no params data found [ 50.253950][ T7532] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.268543][ T7535] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.275659][ T7535] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.283204][ T7535] device bridge_slave_0 entered promiscuous mode [ 50.293427][ T7533] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.308379][ T7533] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.326629][ T7539] chnl_net:caif_netlink_parms(): no params data found [ 50.335540][ T7535] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.343296][ T7535] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.350999][ T7535] device bridge_slave_1 entered promiscuous mode [ 50.368631][ T7540] team0: Port device team_slave_0 added [ 50.401062][ T7540] team0: Port device team_slave_1 added [ 50.408133][ T7533] team0: Port device team_slave_0 added [ 50.418139][ T7532] team0: Port device team_slave_0 added [ 50.433388][ T7537] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.440613][ T7537] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.448595][ T7537] device bridge_slave_0 entered promiscuous mode [ 50.457361][ T7533] team0: Port device team_slave_1 added [ 50.478592][ T7532] team0: Port device team_slave_1 added [ 50.485574][ T7535] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.494000][ T7537] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.501496][ T7537] bridge0: port 
2(bridge_slave_1) entered disabled state [ 50.509703][ T7537] device bridge_slave_1 entered promiscuous mode [ 50.591112][ T7540] device hsr_slave_0 entered promiscuous mode [ 50.646494][ T7540] device hsr_slave_1 entered promiscuous mode [ 50.687697][ T7535] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.745714][ T7537] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.755271][ T7539] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.762413][ T7539] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.770413][ T7539] device bridge_slave_0 entered promiscuous mode [ 50.828747][ T7533] device hsr_slave_0 entered promiscuous mode [ 50.896312][ T7533] device hsr_slave_1 entered promiscuous mode [ 50.988764][ T7532] device hsr_slave_0 entered promiscuous mode [ 51.026438][ T7532] device hsr_slave_1 entered promiscuous mode [ 51.097362][ T7537] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.115532][ T7539] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.123477][ T7539] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.131193][ T7539] device bridge_slave_1 entered promiscuous mode [ 51.168535][ T7535] team0: Port device team_slave_0 added [ 51.184690][ T7537] team0: Port device team_slave_0 added [ 51.194263][ T7537] team0: Port device team_slave_1 added [ 51.203810][ T7535] team0: Port device team_slave_1 added [ 51.298944][ T7537] device hsr_slave_0 entered promiscuous mode [ 51.346357][ T7537] device hsr_slave_1 entered promiscuous mode [ 51.408624][ T7539] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.497451][ T7535] device hsr_slave_0 entered promiscuous mode [ 51.536508][ T7535] device hsr_slave_1 entered promiscuous mode [ 51.577651][ T7539] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.591186][ T7540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.632794][ T7539] team0: Port device 
team_slave_0 added [ 51.644896][ T7540] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.657263][ T7539] team0: Port device team_slave_1 added [ 51.666989][ T3480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.675154][ T3480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.683017][ T3480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.691698][ T3480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.700269][ T3480] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.707528][ T3480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.715644][ T3480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.767640][ T7539] device hsr_slave_0 entered promiscuous mode [ 51.826418][ T7539] device hsr_slave_1 entered promiscuous mode [ 51.884484][ T7532] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.898239][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.907140][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.915339][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.922409][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.944645][ T7532] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.953745][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.963188][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.972194][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.979950][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.987677][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.995927][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.004306][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.044585][ T7537] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.068006][ T22] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.076698][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.085017][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.092117][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.099915][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.108666][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.117221][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.124241][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.131876][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.140482][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.149175][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.170358][ T7535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.182295][ T7540] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.194079][ T7540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.215298][ T7533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.222862][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.231942][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.240592][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.249383][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.258291][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.266798][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.274854][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.309981][ T7540] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.318730][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.329295][ T7548] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.337624][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.345176][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.354171][ T7537] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.364533][ T7539] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.380859][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.389877][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.397882][ T7548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.427870][ T7535] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.441284][ T7537] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.457938][ T7537] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.479161][ T7539] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.492921][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.502606][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.511033][ T2987] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.518127][ T2987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.525633][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.534626][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.543092][ T2987] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.550136][ T2987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.558410][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.567344][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.575656][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.584087][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.592292][ T2987] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.601002][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.609371][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.617068][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.624606][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.633250][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.641541][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.650335][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.658511][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.666762][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.674757][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.683146][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.691570][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.700015][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.708672][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.716546][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.724300][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.758440][ T7537] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.768422][ T7532] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.792003][ T7532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.808641][ T7533] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.815451][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.827104][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.835377][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.842466][ T22] bridge0: port 1(bridge_slave_0) 
entered forwarding state [ 52.851143][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.859906][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.870378][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.877474][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.877962][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.894875][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.903442][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.910531][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.919499][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.928314][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.936966][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.944018][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.951692][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.960804][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.970631][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.012420][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.020737][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.029707][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.040454][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.049838][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.058997][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.068268][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.077070][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.085502][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.094311][ T22] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.103023][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.120387][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.129056][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.137428][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.147475][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.161527][ T7535] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 53.173570][ T7535] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 53.196277][ T7539] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 53.208260][ T7539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.240509][ T7532] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.249725][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.258638][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.266691][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.281740][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.292486][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.301229][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.309870][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.318704][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.327095][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.335596][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.343973][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.351084][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.359806][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_to_bridge: link becomes ready [ 53.368929][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.380062][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.387163][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.396685][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.405316][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.412906][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.463656][ T7535] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.480456][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.492433][ T7539] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.567712][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.587670][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.608391][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.619780][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.632590][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.648743][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.659648][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.672983][ T7533] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 53.693512][ T7533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.708520][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.718867][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.741355][ T7533] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/03/03 15:08:33 executed programs: 39 [ 54.715024][ T7869] ================================================================== [ 54.723311][ T7869] BUG: KASAN: use-after-free in __list_add_valid+0x9a/0xa0 [ 54.730518][ T7869] Read of size 8 at 
addr ffff8880a4612720 by task syz-executor.4/7869 [ 54.730529][ T7869] [ 54.730544][ T7869] CPU: 1 PID: 7869 Comm: syz-executor.4 Not tainted 5.0.0-rc8-next-20190301 #1 [ 54.730561][ T7869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.730567][ T7869] Call Trace: [ 54.730587][ T7869] dump_stack+0x172/0x1f0 [ 54.730606][ T7869] ? __list_add_valid+0x9a/0xa0 [ 54.772434][ T7869] print_address_description.cold+0x7c/0x20d [ 54.778396][ T7869] ? __list_add_valid+0x9a/0xa0 [ 54.783231][ T7869] ? __list_add_valid+0x9a/0xa0 [ 54.788084][ T7869] kasan_report.cold+0x1b/0x40 [ 54.792851][ T7869] ? __list_add_valid+0x9a/0xa0 [ 54.797719][ T7869] __asan_report_load8_noabort+0x14/0x20 [ 54.803355][ T7869] __list_add_valid+0x9a/0xa0 [ 54.808058][ T7869] rdma_listen+0x6b7/0x970 [ 54.812483][ T7869] ucma_listen+0x14d/0x1c0 [ 54.816905][ T7869] ? ucma_notify+0x190/0x190 [ 54.821505][ T7869] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.827731][ T7869] ? _copy_from_user+0xdd/0x150 [ 54.832587][ T7869] ucma_write+0x2da/0x3c0 [ 54.836910][ T7869] ? ucma_notify+0x190/0x190 [ 54.836922][ T7869] ? ucma_open+0x290/0x290 [ 54.836937][ T7869] ? apparmor_file_permission+0x25/0x30 [ 54.836949][ T7869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.836964][ T7869] ? security_file_permission+0x94/0x380 [ 54.836982][ T7869] __vfs_write+0x8d/0x110 [ 54.846001][ T7869] ? ucma_open+0x290/0x290 [ 54.846019][ T7869] vfs_write+0x20c/0x580 [ 54.846037][ T7869] ksys_write+0xea/0x1f0 [ 54.846069][ T7869] ? __ia32_sys_read+0xb0/0xb0 [ 54.885416][ T7869] ? do_syscall_64+0x26/0x610 [ 54.890081][ T7869] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.896135][ T7869] ? 
do_syscall_64+0x26/0x610 [ 54.900815][ T7869] __x64_sys_write+0x73/0xb0 [ 54.905411][ T7869] do_syscall_64+0x103/0x610 [ 54.910001][ T7869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.915879][ T7869] RIP: 0033:0x457e29 [ 54.919762][ T7869] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.939354][ T7869] RSP: 002b:00007f8fa1d3ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 54.947784][ T7869] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 54.955767][ T7869] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000003 [ 54.963782][ T7869] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 54.971749][ T7869] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fa1d3f6d4 [ 54.979716][ T7869] R13: 00000000004cd9b8 R14: 00000000004dcc38 R15: 00000000ffffffff [ 54.987710][ T7869] [ 54.990025][ T7869] Allocated by task 7875: [ 54.994365][ T7869] save_stack+0x45/0xd0 [ 54.998515][ T7869] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 55.004159][ T7869] kasan_kmalloc+0x9/0x10 [ 55.008485][ T7869] kmem_cache_alloc_trace+0x151/0x760 [ 55.013895][ T7869] __rdma_create_id+0x5f/0x4e0 [ 55.018647][ T7869] ucma_create_id+0x1de/0x640 [ 55.023307][ T7869] ucma_write+0x2da/0x3c0 [ 55.027620][ T7869] __vfs_write+0x8d/0x110 [ 55.031929][ T7869] vfs_write+0x20c/0x580 [ 55.036150][ T7869] ksys_write+0xea/0x1f0 [ 55.040375][ T7869] __x64_sys_write+0x73/0xb0 [ 55.044946][ T7869] do_syscall_64+0x103/0x610 [ 55.049548][ T7869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.055441][ T7869] [ 55.057776][ T7869] Freed by task 7849: [ 55.061751][ T7869] save_stack+0x45/0xd0 [ 55.065906][ T7869] __kasan_slab_free+0x102/0x150 [ 55.070833][ T7869] kasan_slab_free+0xe/0x10 [ 55.075337][ T7869] kfree+0xcf/0x230 [ 55.079130][ T7869] rdma_destroy_id+0x719/0xaa0 [ 55.083882][ T7869] ucma_close+0x115/0x320 [ 
55.088201][ T7869] __fput+0x2e5/0x8d0 [ 55.092160][ T7869] ____fput+0x16/0x20 [ 55.096131][ T7869] task_work_run+0x14a/0x1c0 [ 55.100720][ T7869] exit_to_usermode_loop+0x273/0x2c0 [ 55.105994][ T7869] do_syscall_64+0x52d/0x610 [ 55.110587][ T7869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.116457][ T7869] [ 55.118762][ T7869] The buggy address belongs to the object at ffff8880a4612540 [ 55.118762][ T7869] which belongs to the cache kmalloc-2k of size 2048 [ 55.132796][ T7869] The buggy address is located 480 bytes inside of [ 55.132796][ T7869] 2048-byte region [ffff8880a4612540, ffff8880a4612d40) [ 55.146162][ T7869] The buggy address belongs to the page: [ 55.151785][ T7869] page:ffffea0002918480 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0x0 compound_mapcount: 0 [ 55.162448][ T7869] flags: 0x1fffc0000010200(slab|head) [ 55.167814][ T7869] raw: 01fffc0000010200 ffffea0002937f08 ffffea000292fd88 ffff88812c3f0c40 [ 55.176397][ T7869] raw: 0000000000000000 ffff8880a4612540 0000000100000003 0000000000000000 [ 55.184960][ T7869] page dumped because: kasan: bad access detected [ 55.191358][ T7869] [ 55.193661][ T7869] Memory state around the buggy address: [ 55.199267][ T7869] ffff8880a4612600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.207322][ T7869] ffff8880a4612680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.215371][ T7869] >ffff8880a4612700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.223416][ T7869] ^ [ 55.228541][ T7869] ffff8880a4612780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.236631][ T7869] ffff8880a4612800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.244700][ T7869] ================================================================== [ 55.252786][ T7869] Disabling lock debugging due to kernel taint [ 55.299643][ T7869] Kernel panic - not syncing: panic_on_warn set ... 
[ 55.306262][ T7869] CPU: 1 PID: 7869 Comm: syz-executor.4 Tainted: G B 5.0.0-rc8-next-20190301 #1 [ 55.316585][ T7869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.326648][ T7869] Call Trace: [ 55.329928][ T7869] dump_stack+0x172/0x1f0 [ 55.334294][ T7869] panic+0x2cb/0x65c [ 55.338189][ T7869] ? __warn_printk+0xf3/0xf3 [ 55.338205][ T3876] kobject: 'loop1' (00000000ef0438d1): kobject_uevent_env [ 55.342776][ T7869] ? __list_add_valid+0x9a/0xa0 [ 55.342791][ T7869] ? preempt_schedule+0x4b/0x60 [ 55.342811][ T7869] ? ___preempt_schedule+0x16/0x18 [ 55.357179][ T3876] kobject: 'loop1' (00000000ef0438d1): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 55.359577][ T7869] ? trace_hardirqs_on+0x5e/0x230 [ 55.359594][ T7869] ? __list_add_valid+0x9a/0xa0 [ 55.359620][ T7869] end_report+0x47/0x4f [ 55.359633][ T7869] ? __list_add_valid+0x9a/0xa0 [ 55.359650][ T7869] kasan_report.cold+0xe/0x40 [ 55.385189][ T3876] kobject: 'loop5' (00000000dff4f633): kobject_uevent_env [ 55.388963][ T7869] ? __list_add_valid+0x9a/0xa0 [ 55.388990][ T7869] __asan_report_load8_noabort+0x14/0x20 [ 55.389007][ T7869] __list_add_valid+0x9a/0xa0 [ 55.397677][ T3876] kobject: 'loop5' (00000000dff4f633): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 55.398498][ T7869] rdma_listen+0x6b7/0x970 [ 55.398516][ T7869] ucma_listen+0x14d/0x1c0 [ 55.427784][ T3876] kobject: 'loop3' (00000000a9df341b): kobject_uevent_env [ 55.431656][ T7869] ? ucma_notify+0x190/0x190 [ 55.431674][ T7869] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 55.431691][ T7869] ? _copy_from_user+0xdd/0x150 [ 55.453030][ T3876] kobject: 'loop3' (00000000a9df341b): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 55.458576][ T7869] ucma_write+0x2da/0x3c0 [ 55.458589][ T7869] ? ucma_notify+0x190/0x190 [ 55.458599][ T7869] ? ucma_open+0x290/0x290 [ 55.458614][ T7869] ? apparmor_file_permission+0x25/0x30 [ 55.458628][ T7869] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.458648][ T7869] ? security_file_permission+0x94/0x380 [ 55.470486][ T3876] kobject: 'loop0' (00000000d2c35818): kobject_uevent_env [ 55.473652][ T7869] __vfs_write+0x8d/0x110 [ 55.473663][ T7869] ? ucma_open+0x290/0x290 [ 55.473687][ T7869] vfs_write+0x20c/0x580 [ 55.473732][ T7869] ksys_write+0xea/0x1f0 [ 55.485897][ T3876] kobject: 'loop0' (00000000d2c35818): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 55.487059][ T7869] ? __ia32_sys_read+0xb0/0xb0 [ 55.487076][ T7869] ? do_syscall_64+0x26/0x610 [ 55.487089][ T7869] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.487101][ T7869] ? do_syscall_64+0x26/0x610 [ 55.487115][ T7869] __x64_sys_write+0x73/0xb0 [ 55.487132][ T7869] do_syscall_64+0x103/0x610 [ 55.517239][ T3876] kobject: 'loop5' (00000000dff4f633): kobject_uevent_env [ 55.520344][ T7869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.520356][ T7869] RIP: 0033:0x457e29 [ 55.520368][ T7869] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 55.520381][ T7869] RSP: 002b:00007f8fa1d3ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 55.524711][ T3876] kobject: 'loop5' (00000000dff4f633): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 55.528872][ T7869] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 55.528879][ T7869] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000003 [ 55.528886][ T7869] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 55.528894][ T7869] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fa1d3f6d4 [ 55.528901][ T7869] R13: 00000000004cd9b8 R14: 00000000004dcc38 R15: 00000000ffffffff [ 55.539959][ T7869] Kernel Offset: disabled [ 55.668917][ T7869] Rebooting in 86400 seconds..